| TLS-Attacker: A Dynamic Framework for Analyzing TLS Implementations | ACSAC ’24 | 2024 | SCOUT/MoViSec |
| Access Your Data… if You Can: An Analysis of Dark Patterns Against the Right of Access on Popular Websites | Annual Privacy Forum (APF’24) | 2024 | SCOUT |
| Web-based prototype of a visual and interactive deep learning simulation | DELFI’24 | 2024 | SCOUT |
| FAIR Learning Technologies with Web Components and Packages | DELFI’24 | 2024 | SCOUT |
| In Search of Partitioning Oracle Attacks Against TLS Session Tickets | ESORICS’24 | 2024 | SEAN |
| LanDscAPe: Exploring LDAP Weaknesses and Data Leaks at Internet Scale | USENIX Security’24 | 2024 | SEAN |
Security Analysis of BigBlueButton
and eduMEET | ACNS’24 | 2024 | MoViSec |
| SoK: SSO-Monitor — The Current State and Future Research Directions in Single Sign-On Security Measurements | 2024 IEEE 9th European Symposium on Security and Privacy (EuroS&P) | 2024 | SES |
| WebWriter: Authoring and Remixing Explorables | European Conference on Technology Enhanced Learning | 2024 | SCOUT |
| Evaluating Authoring Tools with the Explorable Authoring Requirements | arXiv preprint | 2024 | SCOUT |
| We Really Need to Talk About Session Tickets: A Large-Scale Analysis of Cryptographic Dangers with TLS Session Tickets | USENIX Security’23 | 2023 | SEAN |
| Content-Type: multipart/oracle – Tapping into Format Oracles in Email End-to-End Encryption | USENIX Security’23 | 2023 | SEAN |
| Every Signature is Broken: On the Insecurity of Microsoft Office’s OOXML Signatures | USENIX Security’23 | 2023 | |
| Behind the Screens: The Security & Privacy Advice Landscape of Children in Grades 5 & 6 | WiPSCE’23 | 2023 | SCOUT |
| WebWriter: A System to Author and Remix Explorables–Requirements & First Prototype | Gesellschaft für Informatik e.V. | 2023 | SCOUT |
| Assessing the Security and Privacy of Baby Monitor Apps | Journal of Cybersecurity and Privacy | 2023 | MedMax |
| Improving trace synthesis by utilizing computer vision for user action emulation | Forensic Science International: Digital Investigation | 2023 | MedMax |
| Security Analysis of the 3MF Data Format | RAID’23 | 2023 | |
| Poster: Circumventing the GFW with TLS Record Fragmentation | 2023 ACM SIGSAC Conference on Computer and Communications Security | 2023 | SEAN |
| Finding All Cross-Site Needles in the DOM Stack: A Comprehensive Methodology for the Automatic XS-Leak Detection in Web Browsers | 2023 ACM SIGSAC Conference on Computer and Communications Security | 2023 | MoViSec |
| | | |
| Accurate Real-Time Labeling of Application Traffic | 2022 IEEE 47th Conference on Local Computer Networks (LCN) | 2022 | SCOUT |
| DISTINCT: Identity Theft using In-Browser Communications in Dual-Window Single Sign-On | 2022 ACM SIGSAC Conference on Computer and Communications Security | 2022 | SES |